Knowledge Base

Ports that must be open for Site Recovery Manager 1.0.x to 5.5.x, vSphere Replication 1.0.x to 5.5.x, and vCenter Server (1009562)

Symptoms

Site Recovery Manager (SRM) and vSphere Replication can experience problems if the required network ports are not open.

Site Recovery Manager fails to establish site pairing due to connection termination over port 8095.

Site Recovery Manager connection to remote site breaks frequently.

Purpose

In a SRM or vSphere Replication deployment, both the protected and recovery sites must be able to resolve their connected vCenter Server by name. The respective ports must be open on both sites for uninterrupted communication.

When troubleshooting SRM and vSphere Replication pairing and testing issues, eliminate firewalls and security applications as a possible cause of the problem by temporarily disabling or removing the software or item in question.

If you are using a VPN adapter such as SonicWALL or Juniper, ensure that the timeout setting is set to the maximum for any tunnel that is open on the required ports.

The different components that make up SRM and vSphere Replication deployments, namely vCenter Server, SRM Server, the vSphere Replication appliance, and vSphere Replication servers require different ports to be open.

Image of the ports that SRM and vSphere Replication use:

Note: For the full size image and other graphic representations of the port relationships, see the images attached at the bottom of this article.

vCenter Server and ESXi 5.x network ports that SRM requires

SRM and vSphere Replication require certain ports to be open on vCenter Server:

Default Port

Protocol or Description

Source

Target

Description

80

HTTP

SRM

Remote vCenter Server

All management traffic to SRM Server goes to port 80 on the vCenter Server proxy system.

443

HTTPS

SRM

vCenter Server

Default SSL web port

902

TCP

SRM

Remote ESXi host

Traffic from the SRM Server on the recovery site to ESX hosts when recovering or testing virtual machines with IP customization, with configured callout commands on recovered virtual machines, or that use raw disk mapping (RDM). All NFC traffic for updating or patching the VMX files of virtual machines that are replicated using vSphere Replication use this port.

SRM Server 5.0.x to 5.5.x network ports

The SRM Server instances on the protected and recovery sites require certain ports to be open.

Note: SRM Server at the recovery site must have NFC traffic access to the target ESXi servers.

Default Port

Protocol or Description

Source

Target

Endpoints or Consumers

80

TCP

SRM

Remote vCenter Server

All management traffic to SRM Server goes to port 80 on the vCenter Server proxy system.

80

TCP

SRM

Local vCenter Server

Management traffic to the local vSphere Replication management server (VRMS) goes to port 80 on the local vCenter Server proxy system.

443

TCP

SRM

vCenter Server

Default SSL web port for incoming TCP traffic

902

TCP and UDP

SRM

Remote ESXi host

Traffic from the SRM server on the recovery site to ESXi hosts when recovering or testing virtual machines with IP customization, with configured callout commands on recovered virtual machines, or that use raw disk mapping (RDM). All NFC traffic for updating or patching the VMX files of virtual machines that are replicated using vSphere Replication use this port.

1433

TCP

SRM

Microsoft SQL Server

SRM connectivity to Microsoft SQL Server (for SRM database)

1521

TCP

SRM

Oracle Database Server

SRM database connectivity to Oracle

1526

TCP

SRM

Oracle Database Server

SRM database connectivity to Oracle

5000

TCP

SRM

IBM DB2 Database Server

SRM database connectivity to IBM DB2

8095

SOAP

vCenter Server and vSphere Client

SRM

From the vCenter Server proxy to the SRM Server (intrasite only).

9007

TCP

SRM External API Client

SRM

Used by external API clients for task automation.

9085

HTTP

vCenter Server

SRM

HTTP interface for downloading the UI plug-in and icons. This port must be accessible from the vCenter Server proxy system.

9086

HTTPS

vCenter Server

SRM

SRM client plug-in download between the vCenter Server proxy and SRM.

vSphere Replication appliance 5.1.x to 5.5.x network ports

The vSphere Replication appliance requires certain ports to be open. In SRM 5.1 and later and vSphere Replication 5.x, vSphere Replication is shipped as a combined appliance that contains both the vSphere Replication management server (VRMS) and a vSphere Replication server. SRM 5.x allows you to deploy additional vSphere Replication servers.

The vSphere Replication UI uses the Inventory Service of the remote vCenter Server to list target datastores.

10443

HTTPS

vSphere Web Client on the secondary site

vCenter Server / Inventory Service on the primary site

During recovery, if you selected the option to synchronize the latest changes, the vSphere Web Client on the secondary site requires connectivity back to the vCenter Inventory Service on the primary site.

31031

Initial replication traffic

ESXi host on primary site

vSphere Replication server in the vSphere Replication appliance

From the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site.

44046

Ongoing replication traffic

ESXi host on primary site

vSphere Replication server in the vSphere Replication appliance

From the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site.

vSphere Replication server 1.0.x to 5.5.x network ports

The vSphere Replication appliance contains a vSphere Replication server. You can deploy additional vSphere Replication servers if you use vSphere Replication 5.1 with SRM 5.1 or if you use vSphere Replication 5.5. You cannot deploy additional vSphere Replication servers if you use vSphere Replication 5.1 without SRM.

SRM 5.0.x includes vSphere Replication 1.0.x. In vSphere Replication 1.0.x, vSphere Replication consists of a vSphere Replication management server (VRMS) appliance and one or more vSphere Replication server appliances that you deploy separately from the VRMS.

If you deploy additional vSphere Replication servers, ensure that the subset of the ports that vSphere Replication servers require are open on those servers.

Default Port

Protocol or Description

Source

Target

Endpoints or Consumers

902

TCP and UDP

vSphere Replication server

Remote ESXi host

Traffic (specifically the NFC service to the destination ESXi servers) between the vSphere Replication server and the ESXi hosts on the same site.

5480

VAMI web UI for any additional vSphere Replication servers

Browser

vSphere Replication server

Administrator's web browser.

8123

SOAP

vSphere Replication management server

vSphere Replication server

Management traffic from the vSphere Replication appliance or VRMS to the vSphere Replication servers (intrasite only).

31031

Initial replication traffic

ESXi host on primary site

vSphere Replication server

From the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site.

44046

Ongoing replication traffic

ESXi host on primary site

vSphere Replication server

From the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site.

Network ports that must be open between the SRM and vSphere Replication protected and recovery sites

SRM and vSphere Replication require that the protected and recovery sites can communicate.